Abstract

Privacy is today an important concern for both data providers and data users. Data generalization can provide significant protection of an individual's privacy: a data value is replaced by a less specific but semantically consistent value, so personal information can be collected in a generalized form. However, over-generalized data may be of little value. A key question is whether or not a certain generalization strategy provides a sufficient level of both privacy and usability.
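As an added illustration (not code from the paper, whose contribution is an access control model), the following generalizes two quasi-identifiers level by level and checks whether a strategy satisfies both a privacy bound and a usability bound. The minimum group size k and the information-loss measure are assumptions chosen for this example, not the paper's metrics.

```python
# Added example: generalization hierarchies plus a privacy/usability check.
# The group-size criterion and the loss measure are assumptions for illustration.
from collections import Counter

def generalize_age(age: int, level: int) -> str:
    """Level 0: exact age; 1: 10-year band; 2: 30-year band; 3: suppressed."""
    if level == 0:
        return str(age)
    if level == 1:
        lo = age // 10 * 10
        return f"{lo}-{lo + 9}"
    if level == 2:
        lo = age // 30 * 30
        return f"{lo}-{lo + 29}"
    return "*"

def generalize_zip(zip_code: str, level: int) -> str:
    """Each level masks one more trailing digit; the prefix stays semantically valid."""
    keep = max(0, len(zip_code) - level)
    return zip_code[:keep] + "*" * (len(zip_code) - keep)

def apply_strategy(records, age_level, zip_level):
    return [(generalize_age(a, age_level), generalize_zip(z, zip_level)) for a, z in records]

def min_group_size(generalized):
    """Privacy measure: size of the smallest group of indistinguishable records."""
    return min(Counter(generalized).values())

def information_loss(age_level, zip_level, max_age=3, max_zip=5):
    """Usability measure: fraction of generalization depth used (0 = raw, 1 = suppressed)."""
    return (age_level / max_age + zip_level / max_zip) / 2

def acceptable(records, age_level, zip_level, k, max_loss):
    gen = apply_strategy(records, age_level, zip_level)
    return min_group_size(gen) >= k and information_loss(age_level, zip_level) <= max_loss

def least_general_acceptable(records, k, max_loss):
    """Search from least to most general; return the first strategy meeting both bounds."""
    for total in range(0, 9):
        for age_level in range(0, 4):
            zip_level = total - age_level
            if 0 <= zip_level <= 5 and acceptable(records, age_level, zip_level, k, max_loss):
                return (age_level, zip_level)
    return None

# Constructed sample records: (age, zip code).
SAMPLE = [(34, "12345"), (37, "12346"), (52, "12399"), (58, "12301"), (23, "99001"), (29, "99002")]

if __name__ == "__main__":
    print(least_general_acceptable(SAMPLE, k=2, max_loss=0.5))  # (1, 2)
```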

In this paper, we introduce a new approach, called privacy-aware generalization boundaries, which can satisfy the requirements of both data providers and data users. We propose a privacy-aware access control model tied to a retention period. Formal definitions of authorization actions and rules are presented. Further, we discuss how to manage a valid access process and analyze the access control policy. Finally, we extend our model to support highly complex privacy-related policies by taking into account features of obligations and conditions.